SHA256
1
0
forked from pool/audit
Commit Graph

154 Commits

Author SHA256 Message Date
Dominique Leuenberger
f0e0e85897 Accepting request 810662 from security
- Fix specfile to require libauparse0 and libaudit1 after splitting
  audit-libs (bsc#1172295)

OBS-URL: https://build.opensuse.org/request/show/810662
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=90
2020-06-11 12:38:39 +00:00
Enzo Matsumiya
005741884e - Fix specfile to require libauparse0 and libaudit1 after splitting
audit-libs (bsc#1172295)

OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=110
2020-06-01 17:13:53 +00:00
Dominique Leuenberger
9f1fdb1bed Accepting request 765091 from security
Version update to version 2.8.5
Fix bz#1160384

OBS-URL: https://build.opensuse.org/request/show/765091
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=89
2020-01-23 15:07:45 +00:00
Tony Jones
74524fcb73 - Update to version 2.6.5:
* Fix segfault on shutdown
  * Fix hang on startup (#1587995)
  * Add sleep to script to dump state so file is ready when needed
  * Add auparse_normalizer support for SOFTWARE_UPDATE event
  * Mark netlabel events as simple events so that get processed quicker
  * When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
  * Add 30-ospp-v42.rules to meet new Common Criteria requirements
  * Update lookup tables for the 4.18 kernel
  * In aureport, fix segfault in file report
  * Add auparse_normalizer support for labeled networking events
  * Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
  * Event aging is off by a second
  * In ausearch/auparse, correct event ordering to process oldest first
  * auparse_reset was not clearing everything it should
  * Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
  * In ausearch/report, lightly parse selinux portion of USER_AVC events
  * In ausearch/report, limit record size when malformed
  * In auditd, fix extract_type function for network originating events
  * In auditd, calculate right size and location for network originating events
  * Treat all network originating events as VER2 so dispatcher doesn't format it
  * In audisp-remote do an initial connection attempt (#1625156)
  * In auditd, allow expression of space left as a percentage (#1650670)
  * On PPC64LE systems, only allow 64 bit rules (#1462178)
  * Make some parts of auditd state report optional based on config
  * Fix ausearch when checkpointing a single file (Burn Alting)
  * Fix scripting in 31-privileged.rules wrt filecap (#1662516)
  * In ausearch, do not checkpt if stdin is input source
  * In libev, remove __cold__ attribute for functions to allow proper hardening
  * Add tests to configure.ac for openldap support

OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=108
2020-01-16 20:02:22 +00:00
Tony Jones
4971d594a2 osc copypac from project:security package:audit revision:105
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=107
2019-10-18 17:26:13 +00:00
Tony Jones
a026abd994 Accepting request 739736 from home:RBrownSUSE:branches:security
Remove obsolete Groups tag (fate#326485)

OBS-URL: https://build.opensuse.org/request/show/739736
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=106
2019-10-17 14:14:02 +00:00
Dominique Leuenberger
ea50e39101 Accepting request 708766 from security
OBS-URL: https://build.opensuse.org/request/show/708766
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=88
2019-06-26 13:59:07 +00:00
Lars Vogdt
c90af7d388 Accepting request 687275 from home:jengelh:sct
- Reduce scriptlets' hard dependency on systemd.
- Make use of some %make_install.

OBS-URL: https://build.opensuse.org/request/show/687275
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=104
2019-06-08 16:58:52 +00:00
Dominique Leuenberger
59a15871f8 Accepting request 619464 from security
OBS-URL: https://build.opensuse.org/request/show/619464
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=87
2018-07-07 19:51:47 +00:00
Tony Jones
f7b3eda238 Accepting request 618655 from home:1Antoine1:branches:security
- Update to version 2.8.4:
  * Generate checkpoint file even when not results are returned
    (Burn Alting).
  * Fix log file creation when file logging is disabled entirely
    (Vlad Glagolev).
  * Use SIGCONT to dump auditd internal state (rh#1504251).
  * Fix parsing of virtual timestamp fields in ausearch_expression
    (rh#1515903).
  * Fix parsing of uid & success for ausearch.
  * Hide lru symbols in auparse.
  * Fix aureport summary time range reporting.
  * Allow unlimited retries on startup for remote logging.
  * Add queue_depth to remote logging stats and increase default
    queue_depth size.
- Update to version 2.8.3:
  * Correct msg function name in lru debug code.
  * Fix a segfault in auditd when dns resolution isn't available.
  * Make a reload legacy service for auditd.
  * In auparse python bindings, expose some new types that were
    missing.
  * In normalizer, pickup subject kind for user_login events.
  * Fix interpretation of unknown ioctcmds (rh#1540507).
  * Add ANOM_LOGIN_SERVICE, RESP_ORIGIN_BLOCK, &
    RESP_ORIGIN_BLOCK_TIMED events.
  * In auparse_normalize for USER_LOGIN events, map acct for
    subj_kind.
  * Fix logging of IPv6 addresses in DAEMON_ACCEPT events
    (rh#1534748).
  * Do not rotate auditd logs when num_logs < 2 (brozs).
- Update to version 2.8.4:
  * Generate checkpoint file even when not results are returned
    (Burn Alting).
  * Fix log file creation when file logging is disabled entirely
    (Vlad Glagolev).
  * Use SIGCONT to dump auditd internal state (rh#1504251).
  * Fix parsing of virtual timestamp fields in ausearch_expression
    (rh#1515903).
  * Fix parsing of uid & success for ausearch.
  * Hide lru symbols in auparse.
  * Fix aureport summary time range reporting.
  * Allow unlimited retries on startup for remote logging.
  * Add queue_depth to remote logging stats and increase default
    queue_depth size.
- Update to version 2.8.3:
  * Correct msg function name in lru debug code.
  * Fix a segfault in auditd when dns resolution isn't available.
  * Make a reload legacy service for auditd.
  * In auparse python bindings, expose some new types that were
    missing.
  * In normalizer, pickup subject kind for user_login events.
  * Fix interpretation of unknown ioctcmds (rh#1540507).
  * Add ANOM_LOGIN_SERVICE, RESP_ORIGIN_BLOCK, &
    RESP_ORIGIN_BLOCK_TIMED events.
  * In auparse_normalize for USER_LOGIN events, map acct for
    subj_kind.
  * Fix logging of IPv6 addresses in DAEMON_ACCEPT events
    (rh#1534748).
  * Do not rotate auditd logs when num_logs < 2 (brozs).

OBS-URL: https://build.opensuse.org/request/show/618655
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=102
2018-06-28 01:17:18 +00:00
6975dcd5ff Accepting request 593188 from home:kukuk:branches:security
- Use %license instead of %doc [bsc#1082318]

OBS-URL: https://build.opensuse.org/request/show/593188
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=101
2018-04-11 13:58:54 +00:00
Dominique Leuenberger
e5a6970bfd Accepting request 588035 from security
OBS-URL: https://build.opensuse.org/request/show/588035
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=86
2018-03-26 09:51:53 +00:00
Tony Jones
e57cf5edeb Accepting request 588034 from home:jones_tony:branches:security
- Change openldap dependency to client only (bsc#1085003)
- Resolve issue with previous change if both Python2 and Python3 are
  present, tests were failing as python2 bindings are preferred in this
  case.
- Update header in audit-python3.patch
- Update patch guidelines in README-BEFORE-ADDING-PATCHES

OBS-URL: https://build.opensuse.org/request/show/588034
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=99
2018-03-16 23:10:56 +00:00
Tony Jones
7176e3c394 Accepting request 580988 from openSUSE:Factory:Staging:O
- Add patch to fix test run without python2 interpreter:
  * audit-python3.patch
- Update to 2.8.2 release:
  * Update tables for 4.14 kernel
  * Fixup ipv6 server side binding
  * AVC report from aureport was missing result column header (#1511606)
  * Add SOFTWARE_UPDATE event
  * In ausearch/report pickup any path and new-disk fields as a file
  * Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
  * In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
  * Fix building on old systems without linux/fanotify.h
  * Fix shell portability issues reported by shellcheck
  * Auditd validate_email should not use gethostbyname

- Add patch to fix test run without python2 interpreter:
  * audit-python3.patch
- Update to 2.8.2 release:
  * Update tables for 4.14 kernel
  * Fixup ipv6 server side binding
  * AVC report from aureport was missing result column header (#1511606)
  * Add SOFTWARE_UPDATE event
  * In ausearch/report pickup any path and new-disk fields as a file
  * Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
  * In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
  * Fix building on old systems without linux/fanotify.h
  * Fix shell portability issues reported by shellcheck
  * Auditd validate_email should not use gethostbyname

OBS-URL: https://build.opensuse.org/request/show/580988
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=98
2018-03-01 21:24:42 +00:00
c3b4f0e839 - reverted -j1 force ppc specific only
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=97
2018-02-22 11:00:36 +00:00
c2369388d3 Accepting request 573323 from home:michel_mno:branches:security
- force -j1 for PowerPC make check to avoid build failure
  (lookup_test.o: file not recognized: File truncated)

OBS-URL: https://build.opensuse.org/request/show/573323
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=96
2018-02-19 07:17:33 +00:00
Dominique Leuenberger
dfaa3130a1 Accepting request 567005 from security
OBS-URL: https://build.opensuse.org/request/show/567005
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=85
2018-01-26 12:33:24 +00:00
Tony Jones
b1e7f92a48 Accepting request 566726 from home:scarabeus_iv:branches:security
- Add conditions around python plugins to allow us to conditionalize
  them in enviroment without python2

OBS-URL: https://build.opensuse.org/request/show/566726
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=94
2018-01-17 21:04:11 +00:00
Dominique Leuenberger
bc47e83530 Accepting request 540279 from security
- Rename python binding packages to match current python packaging
  standards
- Update python build dependencies to resolve future split of
  python2/3 (forwarded request 540272 from pluskalm)

OBS-URL: https://build.opensuse.org/request/show/540279
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=84
2017-11-15 15:49:16 +00:00
32adeb8614 Accepting request 540272 from home:pluskalm:branches:security
- Rename python binding packages to match current python packaging
  standards
- Update python build dependencies to resolve future split of
  python2/3

OBS-URL: https://build.opensuse.org/request/show/540272
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=92
2017-11-09 17:04:53 +00:00
1ded129a42 Accepting request 539420 from home:avindra
- Update to version 2.8.1. See audit.spec (libaudit1) for upstream
  changelog
- Remove audit-implicit-writev.patch (fixed upstream across 2
  commits)
  * 3b30db20ad983274989ce9a522120c3c225436b3
  * 07132c22314e9abbe64d1031fd8734243285bb3f
- Cleanup with spec-cleaner
- Update to version 2.8.1 release (includes 2.8 and 2.7.8 changes)
  * many features added to auparse_normalize
  * cli option added to auditd and audispd for setting config dir
  * in auditd, restore the umask after creating a log file
  * option added to auditd for skipping email verification
-  Full changelog: http://people.redhat.com/sgrubb/audit/ChangeLog

OBS-URL: https://build.opensuse.org/request/show/539420
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=91
2017-11-09 13:54:55 +00:00
Dominique Leuenberger
d3da0cd89a Accepting request 517818 from security
1

OBS-URL: https://build.opensuse.org/request/show/517818
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=83
2017-08-24 15:40:36 +00:00
757d4f4e1d Accepting request 517517 from home:dimstar:Factory
include sys/uio.h for writev, fixes build failure in Staging:C https://build.opensuse.org/build/openSUSE:Factory:Staging:C:DVD/standard/x86_64/audit-secondary/_log

OBS-URL: https://build.opensuse.org/request/show/517517
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=89
2017-08-21 05:39:17 +00:00
Yuchen Lin
a10b7236ba Accepting request 514176 from security
1

OBS-URL: https://build.opensuse.org/request/show/514176
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=82
2017-08-08 09:56:33 +00:00
f336e4b06a Accepting request 512289 from home:jengelh:branches:security
- Rectify RPM groups, diversify descriptions.
- Remove mentions of static libraries because they are not built.

OBS-URL: https://build.opensuse.org/request/show/512289
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=87
2017-08-03 08:14:13 +00:00
Dominique Leuenberger
3f83748f78 Accepting request 511711 from security
1

OBS-URL: https://build.opensuse.org/request/show/511711
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=81
2017-07-24 10:29:14 +00:00
Tony Jones
e3d31e63b6 Accepting request 511710 from home:jones_tony:branches:security
OBS-URL: https://build.opensuse.org/request/show/511710
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=85
2017-07-20 20:07:48 +00:00
Dominique Leuenberger
0dd7220473 Accepting request 383796 from security
1

OBS-URL: https://build.opensuse.org/request/show/383796
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=80
2016-04-11 08:27:30 +00:00
8bfd2e643e Accepting request 383289 from home:scarabeus_iv:branches:security
- Create folder for the m4 file from previous commit to avoid install
  failure

OBS-URL: https://build.opensuse.org/request/show/383289
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=83
2016-04-04 09:18:16 +00:00
Tony Jones
e700ce1264 Accepting request 382986 from home:scarabeus_iv:branches:security
- Version update to 2.5. See audit.spec (libaudit1) for upstream
  changelog
- Cleanup with spec-cleaner
- Sort out bit /sbin /usr/sbin/ installation
- Install the rules as documentation
- Remove needless %py_requires from python subpkgs

- Version update to 2.5 release
- Refresh two patches and README to contain SUSE and not SuSE
  * audit-allow-manual-stop.patch
  * audit-plugins-path.patch
- Cleanup with spec-cleaner and do not use subshells but rather use
  -C parameter of make
- Install m4 file to the devel package

OBS-URL: https://build.opensuse.org/request/show/382986
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=82
2016-04-01 16:36:15 +00:00
Stephan Kulow
164d09553b Accepting request 347322 from security
1

OBS-URL: https://build.opensuse.org/request/show/347322
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=79
2015-12-13 08:34:08 +00:00
23489d2c18 Accepting request 347165 from home:posophe:branches:security
little fix

OBS-URL: https://build.opensuse.org/request/show/347165
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=80
2015-12-03 14:45:33 +00:00
Dominique Leuenberger
2caf2e950d Accepting request 329230 from security
OBS-URL: https://build.opensuse.org/request/show/329230
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=78
2015-09-11 06:59:55 +00:00
Tony Jones
b5e111de83 OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=79 2015-09-04 22:54:46 +00:00
Tony Jones
7a17f4104f Accepting request 329223 from home:jones_tony:branches:security
OBS-URL: https://build.opensuse.org/request/show/329223
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=78
2015-09-04 22:09:27 +00:00
Tony Jones
35ac1a5f73 Accepting request 283377 from security
revert to r75

OBS-URL: https://build.opensuse.org/request/show/283377
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=77
2015-01-29 20:31:09 +00:00
Tony Jones
42d7928102 Accepting request 283367 from home:fdmanana:branches:security
- Teach ausearch to filter AppArmor events (Fate#317726).
  Added patch file audit-ausearch-filter-apparmor-events.patch

OBS-URL: https://build.opensuse.org/request/show/283367
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=76
2015-01-29 19:21:15 +00:00
Dominique Leuenberger
3fa133e1f9 Accepting request 263884 from security
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/263884
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=77
2014-12-03 21:47:20 +00:00
Jan Matejka
74ea258675 - Update to version 2.4.1
Changelog 2.4.1
  - Make python3 support easier
  - Add support for ppc64le (Tony Jones)
  - Add some translations for a1 of ioctl system calls
  - Add command & virtualization reports to aureport
  - Update aureport config report for new events
  - Add account modification summary report to aureport
  - Add GRP_MGMT and GRP_CHAUTHTOK event types
  - Correct aureport account change reports
  - Add integrity event report to aureport
  - Add config change summary report to aureport
  - Adjust some syslogging level settings in audispd
  - Improve parsing performance in everything
  - When ausearch outputs a line, use the previously parsed values (Burn Alting)
  - Improve searching and interpreting groups in events
  - Fully interpret the proctitle field in auparse
  - Correct libaudit and auditctl support for kernel features
  - Add support for backlog_time_wait setting via auditctl
  - Update syscall tables for the 3.18 kernel
  - Ignore DNS failure for email validation in auditd (#1138674)
  - Allow rotate as action for space_left and disk_full in auditd.conf
  - Correct login summary report of aureport
  - Auditctl syscalls can be comma separated list now
  - Update rules for new subsystems and capabilities
- Drop patch audit-add-ppc64le-mach-support.patch (already upstream)

OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=74
2014-11-26 16:13:05 +00:00
Stephan Kulow
f51020c36e Accepting request 247316 from security
1

OBS-URL: https://build.opensuse.org/request/show/247316
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=76
2014-09-07 09:11:37 +00:00
Tony Jones
a550638087 Accepting request 247315 from home:jones_tony:branches:security
OBS-URL: https://build.opensuse.org/request/show/247315
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=72
2014-09-02 23:07:21 +00:00
Stephan Kulow
3f8c9faf02 Accepting request 245613 from security
1

OBS-URL: https://build.opensuse.org/request/show/245613
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=74
2014-08-25 10:59:44 +00:00
42c1e24684 Accepting request 244848 from home:elvigia:branches:security
- If the system has been booted with audit=0 in the kernel cmdline
  auditd.service must refrain from starting as the relevant kernel
  subsystem will be permanently disabled.
  add patch: auditd-donot-start-if-kernel-cmdline-disabled.patch

OBS-URL: https://build.opensuse.org/request/show/244848
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=70
2014-08-21 13:31:20 +00:00
Stephan Kulow
30cb942b15 Accepting request 240712 from security
1

OBS-URL: https://build.opensuse.org/request/show/240712
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=73
2014-07-22 04:57:45 +00:00
Tony Jones
0251e93f2b Accepting request 240711 from home:jones_tony:branches:security
OBS-URL: https://build.opensuse.org/request/show/240711
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=68
2014-07-11 21:01:21 +00:00
Stephan Kulow
f7b968b6a3 Accepting request 230411 from security
(forwarded request 230410 from jones_tony)

OBS-URL: https://build.opensuse.org/request/show/230411
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=72
2014-04-22 05:42:23 +00:00
Tony Jones
27566ad836 Accepting request 230410 from home:jones_tony:branches:security
OBS-URL: https://build.opensuse.org/request/show/230410
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=66
2014-04-16 22:35:54 +00:00
Stephan Kulow
ccc8ecc2f1 Accepting request 227642 from security
- fix systemd warning: 
  "Configuration file /usr/lib/systemd/system/auditd.service 
  is marked world-inaccessible. 
  This has no effect as configuration data is accessible 
  via APIs without restrictions"
* indeed restricting access to unit files using filesystem
  permissions is non-sense. (forwarded request 227625 from elvigia)

OBS-URL: https://build.opensuse.org/request/show/227642
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=71
2014-03-30 05:55:08 +00:00
Tony Jones
998e45611f Accepting request 227625 from home:elvigia:branches:security
- fix systemd warning: 
  "Configuration file /usr/lib/systemd/system/auditd.service 
  is marked world-inaccessible. 
  This has no effect as configuration data is accessible 
  via APIs without restrictions"
* indeed restricting access to unit files using filesystem
  permissions is non-sense.

OBS-URL: https://build.opensuse.org/request/show/227625
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=64
2014-03-26 19:47:19 +00:00
Stephan Kulow
cbff90fad0 Accepting request 224271 from security
(forwarded request 224270 from jones_tony)

OBS-URL: https://build.opensuse.org/request/show/224271
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=70
2014-03-01 13:55:28 +00:00